“The challenge for policy makers is to achieve a balanced approach towards privacy, with the least adverse impact on citizens’ interests and industry business”, said Udo Helmbrecht, Executive Director of ENISA, at the European Parliament high-level conference in Brussels. The conference, jointly organised by the Civil Liberties Committee (LIBE) and the Luxembourg Presidency of the Council of the EU and co-chaired by the IMCO and ITRE Committees, debates the protection of online privacy by enhancing IT security and strengthening EU IT capabilities.

ENISA welcomed the separately discussed policy areas of stimulating the adoption of privacy-enhancing technologies (PETs), addressing soft- and hardware vulnerabilities and the internet infrastructure, and developing the EU potential for a strong and vital IT industry. ENISA hopes the conference will have a stimulating effect on the political debate on these closely linked policies.

PETs, standardisation and certification are the basis for the IT industry

PETs such as ‘privacy by design’ are part of the IT functionality, offering privacy protection that is compatible with and builds on standard security features, and their application by default is encouraged. Furthermore, EU guidelines that address the development of secure soft- and hardware, such as standardisation and certification, which ENISA also develops, can be promoted and applied across the EU as a means to address vulnerabilities.

The introduction of the Internet of Things (IoT) is an example that demonstrates their increased importance, as it entails security challenges that can be partially mitigated from the network resilience aspect. However, the interplay of IoT with software and hardware components introduces more risks and threats. In this regard, certain components of the internet architecture play an important role. Hence it is important to establish information sharing on incidents and vulnerabilities, and a dialogue among the actors that can help towards a common approach to security.

With regard to addressing the criticality of EU IT infrastructure, Member States have developed specific measures to protect it. The newly agreed text on the NIS directive is a positive step towards a more harmonised approach and cooperation among all actors and sectors, addressing the security of the digital infrastructure (whether energy, health, transport or finance) in order to ensure a high level of safety of critical systems, infrastructure and citizens. ENISA has extensive experience in these areas. With its experience, good cooperation mechanisms have been developed (through CSIRTs and the Cyber Europe series of exercises) that allow competent authorities together with the private sector to respond to incidents (article 13a, TSPs)[1]. “We look forward to further enhancing and strengthening our collaboration in this direction”, said Helmbrecht.

ENISA highlights the added value of the cybersecurity market

The discussion highlighted the value enabled by cybersecurity, which could reach 640bn[2] euros for the EU economy. The EU cybersecurity market is underdeveloped, with an estimated value of 20bn euros, growing at 6% CAGR[3]. What is important is for the EU to establish cyber trust among citizens and industry in order to create a competitive EU-based ICT sector, further strengthening the EU position.